Tommy has written an AWS Lambda function that will perform certain tasks for the organization when data has been uploaded to an S3 bucket. Security policies for the organization do not allow Tommy to hardcode any type of credential within the Lambda code or environment variables. However, Tommy needs to retrieve a credential from Vault to write data to an on-premises database. What auth method should Tommy use in Vault to meet the requirements while not violating security policies?
Answer(s): A
Comprehensive and Detailed in Depth
A: AWS auth uses IAM roles, avoiding hardcoded credentials. Correct for Lambda.
B: Userpass requires username/password, violating policy. Incorrect.
C: Token requires a pre-generated token, often hardcoded. Incorrect.
D: AppRole needs RoleID/SecretID, typically hardcoded. Incorrect.
Overall Explanation from Vault Docs:
"The AWS auth method provides an automated mechanism to retrieve a Vault token for IAM principals... no manual credential provisioning required."
https://developer.hashicorp.com/vault/docs/auth/aws#aws-auth-method
What command would have created the token displayed below?

$ vault token lookup hvs.nNeZ2I64ALCxuO7dqQEJGPrO
Key                 Value
---                 -----
accessor            mfvaVMFgOcXHIeqlRasroSOn
creation_time       1604610457
creation_ttl        768h
display_name        token
entity_id           n/a
expire_time         2024-12-07T16:07:37.7540672-05:00
explicit_max_ttl    0s
id                  hvs.nNeZ2I64ALCxuO7dqQEJGPrO
issue_time          2024-11-05T16:07:37.7540672-05:00
meta                <nil>
num_uses            5
orphan              false
path                auth/token/create
policies            [default dev]
renewable           true
ttl                 767h59m49s
type                service
Comprehensive and Detailed in Depth
A: Matches dev policy and num_uses=5. TTL is system default (768h). Correct.
B: Missing num_uses. Incorrect.
C: Adds default policy explicitly, not needed as it's implicit. Incorrect.
D: Missing num_uses. Incorrect.
Overall Explanation from Vault Docs:
"vault token create with -policy and -use-limit sets specific attributes... default policy is included implicitly."
https://developer.hashicorp.com/vault/docs/commands/token/create#command-options
You've set up multiple Vault clusters, one on-premises intended to be the primary cluster, and the second cluster in AWS, which was deployed for performance replication. After enabling replication, developers complain that all the data they've stored in the AWS Vault cluster is missing. What happened?
Answer(s): B
Comprehensive and Detailed in Depth
A: Certificate issues don't delete data. Incorrect.
B: Performance replication wipes the secondary's data to sync with the primary. Correct.
C: Data isn't copied to the primary; replication is one-way. Incorrect.
D: No recovery path exists; data is wiped. Incorrect.
Overall Explanation from Vault Docs:
"When replication is enabled, all of the secondary's existing storage will be wiped... This is irrevocable."
https://developer.hashicorp.com/vault/tutorials/enterprise/performance-replication
Based on the screenshot below, how many auth methods have been enabled on this Vault instance?
Comprehensive and Detailed in Depth
Token is enabled by default and cannot be disabled.
Userpass is explicitly enabled.
Total: 2 auth methods.
Overall Explanation from Vault Docs:
"Tokens are the default auth method... Additional methods like userpass increase the count."
https://developer.hashicorp.com/vault/docs/concepts/tokens
Given the following policy, which command below would not result in a permission denied error (select two)?

path "secret/*" {
  capabilities = ["create", "update"]
  allowed_parameters = {
    "student" = ["steve", "frank", "jamie", "susan", "gerry", "damien"]
  }
}

path "secret/apps/*" {
  capabilities = ["read"]
}

path "secret/apps/results" {
  capabilities = ["deny"]
}
Answer(s): C,D
Comprehensive and Detailed in Depth
A: Denied by secret/apps/results deny policy. Incorrect.
B: secret/apps/app01 only allows read, not create. Incorrect.
C: secret/common/results allows create with student=frank (allowed value). Correct.
D: secret/apps/api_key allows read. Correct.
Overall Explanation from Vault Docs:
"deny overrides any allow... allowed_parameters restricts values."
https://developer.hashicorp.com/vault/docs/concepts/policies#parameter-constraints